The NETWORK SERVICE account is missing from the "Logon as a service" (SeServiceLogonRight) privilege on the existing domain controllers

NTLM is disabled on domain controllers, using security policies described in Introducing the Restriction of NTLM Authentication

I have verified that there are no firewall rules blocking traffic; the NETWORK SERVICE account is listed in the "Logon as a service" on the 2003 box Default Domain Controller Security Settings; and NTLM is not disabled.

Other Googling shows people with the same issue, which was resolved by putting a 2008 server on the domain, promoting it, and then the 2012 box will promote from there. I am hoping to avoid this scenario.

Paul, I like to think I know what I'm doing most of the time but can you lend a brother a hand and give me a little more detail on running a WMI query, as you suggest? My googling the same only confused me more.

At this point I'm ready to build up a 2008 box and do a two-step promo.

You can run queries directly from the Command Prompt. Type: WMICThis site has a good list of examples.
You need to specify a user with domain admin credentials to test the DC - the "/user" switch as shown here.

Just to close this out, I was NOT able to get the 2012 box promoed into the 2003 domain.

Ended up building a 2008r2 box on an old 760 Optiplex workstation, DCPROMO-ed that box and transferred FMSO roles to the same 2008 box

From there I was able to promote the 2012 server and transfer the FSMO roles to it.

The 2008r2 box was DCPROMO-ed out of the domain and then removed.

This was a two-step process that I was hoping to avoid but it worked. Building the box, promoting it in and out of the domain, etc took a shorter amount of time than the hours of troubleshooting I performed (including posting here). Hope this helps someone else out there.

Some where not too long ago I read something to this effect, that you can't directly promote 2012 in a 2003 domain.

@mscheidler, nice write up. but I might suggest rather than upgrade a 2000 domain to 2003, go right to 2008R2. The upgrade process from 2000 to 2008R2 is surprisingly smooth and should then eliminate any issues when promoting a 2012 server.

@Chuck, I believe the issue here specifically is caused by some sort of WMI corruption/misconfiguration. I watched a youtube video of someone going from 2003 to 2012 with no issues. Also, when this simply refused to work, something snapped in my brain and it became an imperative task to defeat that bastard server (without "punting").